[tor-bugs] #12930 [Obfuscation/Pluggable transport]: Someone, somewhere needs to unescape pluggable transport "SMETHOD ARGS" arguments.

[Tor Bug Tracker & Wiki]

#12930: Someone, somewhere needs to unescape pluggable transport "SMETHOD ARGS"
arguments.
---------------------------------------------+---------------------
 Reporter:  yawning                          |          Owner:  asn
     Type:  defect                           |         Status:  new
 Priority:  Medium                           |      Milestone:
Component:  Obfuscation/Pluggable transport  |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:  goptlib                          |  Actual Points:
Parent ID:                                   |         Points:
 Reviewer:                                   |        Sponsor:
---------------------------------------------+---------------------
Changes (by catalyst):

 * severity:   => Normal


Comment:

 There are multiple conflicting definitions of pluggable transport
 arguments that probably cannot be made consistent in a backward-compatible
 way.  https://gitweb.torproject.org/torspec.git/tree/pt-spec.txt#n368
 defines the general BNF syntax for a managed transport process-to-parent
 communication, which excludes NUL and NL.  The `SMETHOD` syntax at
 https://gitweb.torproject.org/torspec.git/tree/pt-spec.txt#n544 looks more
 ad-hoc, but it implies that the options are space-separated words.  The
 `ARGS` option is `k=v` pairs separated by commas, and only has provisions
 for escaping commas and equals signs (but not NUL, NL, SP, or backslash).

 Ultimately, the SMETHOD ARGS will end up in a `Bridge` config line,
 described at https://gitweb.torproject.org/torspec.git/tree/proposals/180
 -pluggable-transport.txt#n146.  This config line has space-separated `k=v`
 pairs.  The syntax has provisions for escaping backslash and semicolon but
 not spaces, equals signs, commas, newlines, or NUL characters.  The
 `tor(1)` manual page is out of date and doesn't reflect the prop180 config
 line syntax.  (This is bug #20341.)

 https://gitweb.torproject.org/torspec.git/tree/bridgedb-spec.txt#n93 says
 the arguments are comma-separated `k=v` pairs, but
 https://gitweb.torproject.org/torspec.git/tree/bridgedb-spec.txt#n338 then
 recommends displaying them as space-separated `k=v` pairs.  (This is
 consistent with the prop180 config line syntax.)

 After IRC discussion with arma and Yawning, it seems that the best
 solution may be to amend the specs to disallow certain characters from
 keys or values in transport args, such as NUL, NL, SP, backslash, equals
 sign, comma, and maybe semicolon.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12930#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online